SECURITY update; py-Django 1.4.5

https://www.djangoproject.com/weblog/2013/feb/19/security/

- Host header poisoning: an attacker could cause Django to generate
and display URLs that link to arbitrary domains.

- Formset denial-of-service: an attacker can abuse Django's tracking
of the number of forms in a formset to cause a denial-of-service attack.

- XML attacks: Django's serialization framework was vulnerable to
attacks via XML entity expansion and external references.

- Data leakage via admin history log: Django's admin interface could
expose supposedly-hidden information via its history log.

www/py-django/Makefile

@@ -1,8 +1,8 @@
-# $OpenBSD: Makefile,v 1.25 2012/12/29 07:16:38 rpointel Exp $
+# $OpenBSD: Makefile,v 1.26 2013/03/02 12:47:49 sthen Exp $
 
 COMMENT =	high-level Python web framework
 
-MODPY_EGG_VERSION =	1.4.3
+MODPY_EGG_VERSION =	1.4.5
 LNAME =			django
 DISTNAME =		Django-${MODPY_EGG_VERSION}
 PKGNAME =		py-${LNAME}-${MODPY_EGG_VERSION}

www/py-django/distinfo

@@ -1,2 +1,2 @@
-SHA256 (Django-1.4.3.tar.gz) = 3K20thLl0U9iB4hpYXomp5s9pxlXOAHTUcSgp/QYHE4=
-SIZE (Django-1.4.3.tar.gz) = 7729808
+SHA256 (Django-1.4.5.tar.gz) = Dh6MQhcplnK7+UBJlHF/yi2NS3pPe4s7dNQT4f2oFCg=
+SIZE (Django-1.4.5.tar.gz) = 7735582

www/py-django/pkg/PLIST

@@ -1,4 +1,4 @@
-@comment $OpenBSD: PLIST,v 1.16 2012/12/29 07:16:38 rpointel Exp $
+@comment $OpenBSD: PLIST,v 1.17 2013/03/02 12:47:49 sthen Exp $
 bin/${LNAME}-admin.py
 lib/python${MODPY_VERSION}/site-packages/Django-${MODPY_EGG_VERSION}-py${MODPY_VERSION}.egg-info
 lib/python${MODPY_VERSION}/site-packages/${LNAME}/
@@ -7078,6 +7078,7 @@ share/doc/${LNAME}/releases/1.4-alpha-1.txt
 share/doc/${LNAME}/releases/1.4-beta-1.txt
 share/doc/${LNAME}/releases/1.4.1.txt
 share/doc/${LNAME}/releases/1.4.2.txt
+share/doc/${LNAME}/releases/1.4.4.txt
 share/doc/${LNAME}/releases/1.4.txt
 share/doc/${LNAME}/releases/index.txt
 share/doc/${LNAME}/topics/